Trojan Infects Users, Disguised as Pictures of Nuclear Explosion

Sophos has detected a widely distributed spam campaign claiming that a strong nuclear explosion took place at a plant on the outskirts of London on September 9, 2008.

Sample e-mails intercepted by SophosLabs show that the messages pretend to carry pictures in an attached file named victims.zip. On clicking the attachment, however, there are no images of the explosion; instead a Trojan, detected as Troj/Agent-HQE, is installed.

The spammer claims to have obtained some pictures of the alleged incident, displaying escape from death on account of radiation, that he wants to share with users. The only action required of users is to click on the attachment.

If the Trojan is installed, the scammers can use it to monitor the victim's PC and capture information for financial gain. The e-mails that reach potential victims carry the title: "Reply: A report on radiation contamination of Canada."

The text of the e-mails says that, according to witness statements, the explosion occurred at around 3 PM on September 9, 2008. In particular, a resident of the town had just enough time to inform her kith and kin before the telephone connection was cut, so that no one could phone anybody.

The text goes on to say that the information has been confirmed only unofficially, through private conversations among public agents, and that local residents would post photos of the explosion and of the victims' bodies on their blogs. Unsurprisingly, the message body also claims that the mainstream media made no mention of the news because the government was trying to bury the incident. Finally, the text asserts that the nuclear explosion occurred at the plant and that the clouds of radiation are now receding.

Graham Cluley, Senior Technology Consultant at Sophos, states that all recipients need to apply common sense and delete the e-mails. Although the messages should set alarm bells ringing, cyber crooks will keep using these social engineering techniques until every user becomes aware of them, as reported by PORTALIT on September 11, 2008.